Tuesday, May 13, 2008

Bell accused of privacy invasion

"The Canadian Internet Policy and Public Interest Clinic, a University of Ottawa legal clinic specializing in internet- and other technology-related law, has joined the assault on Bell Canada Inc. and its traffic-shaping practices, urging an investigation by the country's privacy commissioner.

The group says Bell has failed to obtain the consent of its retail and wholesale internet customers in applying its deep-packet inspection technology, which tells the company what subscribers are using their connections for. Bell is using DPI to find and limit the use of peer-to-peer applications such as BitTorrent, which it says are congesting its network.

The CIPPIC, which is made up mainly of lawyers and law students from the University of Ottawa, says Bell has not only failed to show that its network is congested and that its actions are necessary, but it has also run afoul of the Personal Information Protection and Electronic Documents Act (PIPEDA) in doing so.

"Practices [such as] those involving the collection and use of personal information are not necessary to ensure network integrity and quality of service," wrote CIPPIC director Philippa Lawson in a letter to the commissioner dated May 9."

The CIPPIC's news release and a copy of their letter to Canadian Privacy Commissioner Jennifer Stoddart, are available on their website.

"Large ISPs including Bell Canada and Rogers Communications Inc. may be monitoring internetsubscribers’ online activities contrary to Canada’s privacy legislation, and the Canadian InternetPolicy and Public Interest Clinic has asked Canada’s Privacy Commissioner to investigate.The Canadian Internet Policy and Public Interest Clinic (CIPPIC) today filed a complaint withCanada’s Privacy Commissioner about Bell Canada’s alleged practice of monitoring internetsubscribers’ internet activities without their knowledge or consent. Bell began to apply “deeppacket inspection” to its own Sympatico retail customers late in October 2007, but only admittedthis practice late in March 2008, after it began applying the same practice to subscribers of other,independent internet service providers.Bell claims it is respecting the privacy of ISP subscribers, but has refused to describe just what itsdeep packet inspection of subscribers’ activities really uncovers. “Millions of Canadians use theInternet every day,” said Philippa Lawson, Executive Director of the Clinic. “How can theyknow if their privacy is being respected, if Bell won’t disclose what it is actually doing?”There is evidence that other large ISPs such as Rogers, Shaw, and Cogeco may be engaging insimilar practices, said Lawson. “Our complaint focuses on Bell, but we are asking theCommissioner to investigate all ISPs who engage in traffic-shaping practices.”“Canada has privacy legislation that Bell and other ISPs must follow,” Ms. Lawson pointed out.“We’re asking the Privacy Commissioner to investigate just what Bell’s use of deep packetinspection involves. Canadians have a right to know who is looking over their shoulders, andwhy.”CIPPIC is based at the University of Ottawa, Faculty of Law. The clinic seeks to ensure balancein policy and law-making processes on issues that arise as a result of new technologies."